diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua
index 6fe256aef..24dbaf373 100644
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -6951,7 +6951,7 @@ table.insert(fingerprints, {
matches = {
{
match = '200',
- output = 'Possible DD-WRT router Information Disclosure (OSVDB 70230)'
+ output = 'Possible DD-WRT router Information Disclosure (BID 45598)'
}
}
});
diff --git a/nselib/vulns.lua b/nselib/vulns.lua
index 40d0676df..755ec1bbe 100644
--- a/nselib/vulns.lua
+++ b/nselib/vulns.lua
@@ -454,7 +454,7 @@ local POPULAR_IDS_LINKS = {
return string_format("%s%s", link, id)
end,
BID = function(id)
- local link = 'http://www.securityfocus.com/bid/'
+ local link = 'https://www.securityfocus.com/bid/'
return string_format("%s%s", link, id)
end,
}
diff --git a/scripts/distcc-cve2004-2687.nse b/scripts/distcc-cve2004-2687.nse
index 525bc740c..e2b09f229 100644
--- a/scripts/distcc-cve2004-2687.nse
+++ b/scripts/distcc-cve2004-2687.nse
@@ -33,10 +33,9 @@ present in modern implementation due to poor configuration of the service.
-- | uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
-- |
-- | References:
--- | http://distcc.googlecode.com/svn/trunk/doc/web/security.html
--- | http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
--- | http://http://www.osvdb.org/13378
--- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
+-- | https://distcc.github.io/security.html
+-- | https://nvd.nist.gov/vuln/detail/CVE-2004-2687
+-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
--
-- @args cmd the command to run at the remote server
--
@@ -66,9 +65,8 @@ Allows executing of arbitrary commands on systems running distccd 3.1 and
earlier. The vulnerability is the consequence of weak service configuration.
]],
references = {
- 'http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687',
- 'http://http://www.osvdb.org/13378',
- 'http://distcc.googlecode.com/svn/trunk/doc/web/security.html',
+ 'https://nvd.nist.gov/vuln/detail/CVE-2004-2687',
+ 'https://distcc.github.io/security.html',
},
dates = { disclosure = {year = '2002', month = '02', day = '01'}, },
exploit_results = {},
diff --git a/scripts/ftp-libopie.nse b/scripts/ftp-libopie.nse
index 13f63b2d2..c5dfd147a 100644
--- a/scripts/ftp-libopie.nse
+++ b/scripts/ftp-libopie.nse
@@ -18,7 +18,7 @@ Be advised that, if launched against a vulnerable host, this script will crash t
-- | VULNERABLE:
-- | OPIE off-by-one stack overflow
-- | State: LIKELY VULNERABLE
--- | IDs: CVE:CVE-2010-1938 OSVDB:64949
+-- | IDs: CVE:CVE-2010-1938 BID:40403
-- | Risk factor: High CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
-- | Description:
-- | An off-by-one error in OPIE library 2.4.1-test1 and earlier, allows remote
@@ -26,10 +26,10 @@ Be advised that, if launched against a vulnerable host, this script will crash t
-- | via a long username.
-- | Disclosure date: 2010-05-27
-- | References:
--- | http://osvdb.org/64949
-- | http://site.pi3.com.pl/adv/libopie-adv.txt
-- | http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
--- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
+-- | https://www.securityfocus.com/bid/40403
+-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
--
@@ -43,7 +43,7 @@ portrule = shortport.port_or_service(21, "ftp")
action = function(host, port)
local opie_vuln = {
title = "OPIE off-by-one stack overflow",
- IDS = {CVE = 'CVE-2010-1938', OSVDB = '64949'},
+ IDS = {CVE = 'CVE-2010-1938', BID = '40403'},
risk_factor = "High",
scores = {
CVSSv2 = "9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)",
diff --git a/scripts/ftp-proftpd-backdoor.nse b/scripts/ftp-proftpd-backdoor.nse
index 0ea5e06de..95fc6701d 100644
--- a/scripts/ftp-proftpd-backdoor.nse
+++ b/scripts/ftp-proftpd-backdoor.nse
@@ -7,8 +7,8 @@ local stdnse = require "stdnse"
-- vim: set filetype=lua :
description = [[
-Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID
-69562. This script attempts to exploit the backdoor using the innocuous
+Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID
+45150. This script attempts to exploit the backdoor using the innocuous
id command by default, but that can be changed with the
ftp-proftpd-backdoor.cmd script argument.
]]
diff --git a/scripts/ftp-vsftpd-backdoor.nse b/scripts/ftp-vsftpd-backdoor.nse
index de897e08e..6b79df85f 100644
--- a/scripts/ftp-vsftpd-backdoor.nse
+++ b/scripts/ftp-vsftpd-backdoor.nse
@@ -34,7 +34,7 @@ References:
-- | VULNERABLE:
-- | vsFTPd version 2.3.4 backdoor
-- | State: VULNERABLE (Exploitable)
--- | IDs: CVE:CVE-2011-2523 OSVDB:73573
+-- | IDs: CVE:CVE-2011-2523 BID:48539
-- | Description:
-- | vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
-- | Disclosure date: 2011-07-03
@@ -43,8 +43,8 @@ References:
-- | Shell command: id
-- | Results: uid=0(root) gid=0(root) groups=0(root)
-- | References:
--- | http://osvdb.org/73573
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
+-- | https://www.securityfocus.com/bid/48539
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
-- | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
-- |_ https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
--
@@ -137,7 +137,7 @@ action = function(host, port)
local vsftp_vuln = {
title = "vsFTPd version 2.3.4 backdoor",
- IDS = {CVE = 'CVE-2011-2523', OSVDB = '73573'},
+ IDS = {CVE = 'CVE-2011-2523', BID = '48539'},
description = [[
vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.]],
references = {
diff --git a/scripts/ftp-vuln-cve2010-4221.nse b/scripts/ftp-vuln-cve2010-4221.nse
index 82f054d04..c02a99664 100644
--- a/scripts/ftp-vuln-cve2010-4221.nse
+++ b/scripts/ftp-vuln-cve2010-4221.nse
@@ -14,7 +14,7 @@ the context of the proftpd process (CVE-2010-4221). Authentication is not
required to exploit this vulnerability.
Reference:
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
* http://www.exploit-db.com/exploits/15449/
* http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
]]
@@ -30,7 +30,7 @@ Reference:
-- | VULNERABLE:
-- | ProFTPD server TELNET IAC stack overflow
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2010-4221 BID:44562 OSVDB:68985
+-- | IDs: CVE:CVE-2010-4221 BID:44562
-- | Risk factor: High CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- | Description:
-- | ProFTPD server (version 1.3.2rc3 through 1.3.3b) is vulnerable to
@@ -39,11 +39,10 @@ Reference:
-- | execute arbitrary code.
-- | Disclosure date: 2010-11-02
-- | References:
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
--- | http://osvdb.org/68985
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
-- | http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
-- | http://bugs.proftpd.org/show_bug.cgi?id=3521
--- |_ http://www.securityfocus.com/bid/44562
+-- |_ https://www.securityfocus.com/bid/44562
--
author = "Djalal Harouni"
@@ -169,7 +168,7 @@ action = function(host, port)
port = port,
vuln = {
title = 'ProFTPD server TELNET IAC stack overflow',
- IDS = {CVE = 'CVE-2010-4221', OSVDB = '68985', BID = '44562'},
+ IDS = {CVE = 'CVE-2010-4221', BID = '44562'},
risk_factor = "High",
scores = {
CVSSv2 = "10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)",
diff --git a/scripts/http-axis2-dir-traversal.nse b/scripts/http-axis2-dir-traversal.nse
index 1826207e4..bf90cac7f 100644
--- a/scripts/http-axis2-dir-traversal.nse
+++ b/scripts/http-axis2-dir-traversal.nse
@@ -10,7 +10,7 @@ local table = require "table"
description = [[
Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by
sending a specially crafted request to the parameter xsd
-(OSVDB-59001). By default it will try to retrieve the configuration file of the
+(BID 40343). By default it will try to retrieve the configuration file of the
Axis2 service '/conf/axis2.xml' using the path
'/axis2/services/' to return the username and password of the
admin account.
@@ -26,8 +26,8 @@ To check the version of an Apache Axis2 installation go to:
http://domain/axis2/services/Version/getVersion
Reference:
-* http://osvdb.org/show/osvdb/59001
-* http://www.exploit-db.com/exploits/12721/
+* https://www.securityfocus.com/bid/40343
+* https://www.exploit-db.com/exploits/12721/
]]
---
@@ -162,7 +162,7 @@ action = function(host, port)
return
end
- output[#output+1] = "\nApache Axis2 Directory Traversal (OSVDB-59001)"
+ output[#output+1] = "\nApache Axis2 Directory Traversal (BID 40343)"
--Retrieve file or only show credentials if downloading the configuration file
if rfile ~= DEFAULT_FILE then
diff --git a/scripts/http-iis-short-name-brute.nse b/scripts/http-iis-short-name-brute.nse
index 6a5a603ee..bc4762fb9 100644
--- a/scripts/http-iis-short-name-brute.nse
+++ b/scripts/http-iis-short-name-brute.nse
@@ -11,7 +11,7 @@ Notes:
References:
* Research paper: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
-* IIS Shortname Scanner PoC: http://code.google.com/p/iis-shortname-scanner-poc/
+* IIS Shortname Scanner PoC: https://github.com/irsdl/IIS-ShortName-Scanner
]]
---
@@ -42,7 +42,7 @@ References:
-- |
-- | References:
-- | http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
--- |_ http://code.google.com/p/iis-shortname-scanner-poc/
+-- |_ https://github.com/irsdl/IIS-ShortName-Scanner
---
author = {"Jesper Kueckelhahn", "Paulino Calderon"}
@@ -156,8 +156,8 @@ cause a denial of service condition.
]],
references = {
'http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf',
- 'http://code.google.com/p/iis-shortname-scanner-poc/',
- 'http://www.osvdb.org/83771'
+ 'https://github.com/irsdl/IIS-ShortName-Scanner',
+ 'https://www.securityfocus.com/archive/1/523424'
}
}
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
diff --git a/scripts/http-vuln-cve2009-3960.nse b/scripts/http-vuln-cve2009-3960.nse
index da6d67ec9..38c1e9da8 100644
--- a/scripts/http-vuln-cve2009-3960.nse
+++ b/scripts/http-vuln-cve2009-3960.nse
@@ -15,7 +15,7 @@ ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0
For more information see:
* http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
-* http://www.osvdb.org/62292
+* https://www.securityfocus.com/bid/38197
* Metasploit module: auxiliary/scanner/http/adobe_xml_inject
]]
@@ -131,7 +131,7 @@ Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and
ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0]],
references = {
'http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf',
- 'http://www.osvdb.org/62292'
+ 'https://www.securityfocus.com/bid/38197'
},
dates = {
disclosure = {year = '2010', month = '02', day = '15'},
diff --git a/scripts/http-vuln-cve2010-2861.nse b/scripts/http-vuln-cve2010-2861.nse
index dd01345b8..9b48c04ae 100644
--- a/scripts/http-vuln-cve2010-2861.nse
+++ b/scripts/http-vuln-cve2010-2861.nse
@@ -30,7 +30,7 @@ the password hash.
-- | VULNERABLE:
-- | Adobe ColdFusion enter.cfm Traversal password.properties Information Disclosure
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2010-2861 OSVDB:67047
+-- | IDs: CVE:CVE-2010-2861 BID:42342
-- | Description:
-- | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion
-- | 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter
@@ -44,10 +44,10 @@ the password hash.
-- |
-- | References:
-- | http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking
--- | http://www.nessus.org/plugins/index.php?view=single&id=48340
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861
--- | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861
--- |_ http://osvdb.org/67047
+-- | https://www.tenable.com/plugins/nessus/48340
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2861
+-- | https://nvd.nist.gov/vuln/detail/CVE-2010-2861
+-- |_ https://www.securityfocus.com/bid/42342
--
--
-- This script relies on the service being identified as HTTP or HTTPS. If the
@@ -66,16 +66,16 @@ action = function(host, port)
local vuln = {
title = 'Adobe ColdFusion Directory Traversal Vulnerability',
state = vulns.STATE.NOT_VULN, -- default
- IDS = {CVE = 'CVE-2010-2861', OSVDB = '67047'},
+ IDS = {CVE = 'CVE-2010-2861', BID = '42342'},
description = [[
Multiple directory traversal vulnerabilities in the administrator console
in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the
locale parameter]],
references = {
'http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking',
- 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2861',
- 'http://osvdb.org/67047',
- 'http://www.nessus.org/plugins/index.php?view=single&id=48340',
+ 'https://nvd.nist.gov/vuln/detail/CVE-2010-2861',
+ 'https://www.securityfocus.com/bid/42342',
+ 'https://www.tenable.com/plugins/nessus/48340',
},
dates = {
disclosure = {year = '2010', month = '08', day = '10'},
diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse
index a92a26ede..bbbf2a7ee 100644
--- a/scripts/http-vuln-cve2011-3192.nse
+++ b/scripts/http-vuln-cve2011-3192.nse
@@ -8,9 +8,9 @@ Detects a denial of service vulnerability in the way the Apache web server
handles requests for multiple overlapping/simple ranges of a page.
References:
-* http://seclists.org/fulldisclosure/2011/Aug/175
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
-* http://nessus.org/plugins/index.php?view=single&id=55976
+* https://seclists.org/fulldisclosure/2011/Aug/175
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+* https://www.tenable.com/plugins/nessus/55976
]]
---
@@ -26,16 +26,16 @@ References:
-- | VULNERABLE:
-- | Apache byterange filter DoS
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2011-3192 OSVDB:74721
+-- | IDs: CVE:CVE-2011-3192 BID:49303
-- | Description:
-- | The Apache web server is vulnerable to a denial of service attack when numerous
-- | overlapping byte ranges are requested.
-- | Disclosure date: 2011-08-19
-- | References:
--- | http://seclists.org/fulldisclosure/2011/Aug/175
--- | http://nessus.org/plugins/index.php?view=single&id=55976
--- | http://osvdb.org/74721
--- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
+-- | https://seclists.org/fulldisclosure/2011/Aug/175
+-- | https://www.tenable.com/plugins/nessus/55976
+-- | https://www.securityfocus.com/bid/49303
+-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
--
-- @args http-vuln-cve2011-3192.hostname Define the host name to be used in the HEAD request sent to the server
-- @args http-vuln-cve2011-3192.path Define the request path
@@ -62,14 +62,14 @@ action = function(host, port)
local vuln = {
title = 'Apache byterange filter DoS',
state = vulns.STATE.NOT_VULN, -- default
- IDS = {CVE = 'CVE-2011-3192', OSVDB = '74721'},
+ IDS = {CVE = 'CVE-2011-3192', BID = '49303'},
description = [[
The Apache web server is vulnerable to a denial of service attack when numerous
overlapping byte ranges are requested.]],
references = {
- 'http://seclists.org/fulldisclosure/2011/Aug/175',
- 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192',
- 'http://nessus.org/plugins/index.php?view=single&id=55976',
+ 'https://seclists.org/fulldisclosure/2011/Aug/175',
+ 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192',
+ 'https://www.tenable.com/plugins/nessus/55976',
},
dates = {
disclosure = {year = '2011', month = '08', day = '19'},
diff --git a/scripts/http-vuln-cve2011-3368.nse b/scripts/http-vuln-cve2011-3368.nse
index 0c613fc72..e60f1f5c8 100644
--- a/scripts/http-vuln-cve2011-3368.nse
+++ b/scripts/http-vuln-cve2011-3368.nse
@@ -28,7 +28,7 @@ References:
-- | VULNERABLE:
-- | Apache mod_proxy Reverse Proxy Security Bypass
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2011-3368 OSVDB:76079
+-- | IDs: CVE:CVE-2011-3368 BID:49957
-- | Description:
-- | An exposure was reported affecting the use of Apache HTTP Server in
-- | reverse proxy mode. The exposure could inadvertently expose internal
@@ -37,8 +37,8 @@ References:
-- | Extra information:
-- | Proxy allows requests to external websites
-- | References:
--- | http://osvdb.org/76079
--- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
+-- | https://www.securityfocus.com/bid/49957
+-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
--
-- @args http-vuln-cve2011-3368.prefix sets the path prefix (directory) to check for the vulnerability.
--
@@ -55,12 +55,12 @@ action = function(host, port)
local vuln = {
title = 'Apache mod_proxy Reverse Proxy Security Bypass',
- IDS = { CVE='CVE-2011-3368', OSVDB='76079'},
+ IDS = { CVE='CVE-2011-3368', BID='49957'},
description = [[
An exposure was reported affecting the use of Apache HTTP Server in
reverse proxy mode. The exposure could inadvertently expose internal
servers to remote users who send carefully crafted requests.]],
- references = { 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' },
+ references = { 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' },
dates = {
disclosure = { year='2011', month='10', day='05'}
},
diff --git a/scripts/http-vuln-cve2013-6786.nse b/scripts/http-vuln-cve2013-6786.nse
index ba8f94ced..1f0953a16 100644
--- a/scripts/http-vuln-cve2013-6786.nse
+++ b/scripts/http-vuln-cve2013-6786.nse
@@ -54,7 +54,7 @@ can be injected into the resulting 404 page. This includes linking to an
untrusted website and XSS injection.]],
IDS = {
CVE = "CVE-2013-6786",
- OSVDB = "99694",
+ BID = "63721",
},
references = {
'https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf',
diff --git a/scripts/ipmi-cipher-zero.nse b/scripts/ipmi-cipher-zero.nse
index aa90b240d..716bef470 100644
--- a/scripts/ipmi-cipher-zero.nse
+++ b/scripts/ipmi-cipher-zero.nse
@@ -35,8 +35,7 @@ description = [[
-- |
-- | References:
-- | http://fish2.com/ipmi/cipherzero.html
--- | http://osvdb.org/show/osvdb/93039
--- |_ http://osvdb.org/show/osvdb/93040
+-- |_ https://www.us-cert.gov/ncas/alerts/TA13-207A
--
author = "Claudiu Perta "
@@ -63,8 +62,7 @@ functionality
]],
references = {
'http://fish2.com/ipmi/cipherzero.html',
- 'http://osvdb.org/show/osvdb/93040',
- 'http://osvdb.org/show/osvdb/93039',
+ 'https://www.us-cert.gov/ncas/alerts/TA13-207A',
}
}
diff --git a/scripts/smtp-vuln-cve2011-1720.nse b/scripts/smtp-vuln-cve2011-1720.nse
index 5552c47dd..31402492a 100644
--- a/scripts/smtp-vuln-cve2011-1720.nse
+++ b/scripts/smtp-vuln-cve2011-1720.nse
@@ -27,7 +27,7 @@ Reference:
-- | VULNERABLE:
-- | Postfix SMTP server Cyrus SASL Memory Corruption
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2011-1720 OSVDB:72259
+-- | IDs: CVE:CVE-2011-1720 BID:47778
-- | Description:
-- | The Postfix SMTP server is vulnerable to a memory corruption vulnerability
-- | when the Cyrus SASL library is used with authentication mechanisms other
@@ -39,8 +39,8 @@ Reference:
-- | Available AUTH MECHANISMS: CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN
-- | References:
-- | http://www.postfix.org/CVE-2011-1720.html
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
--- |_ http://osvdb.org/72259
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
+-- |_ https://www.securityfocus.com/bid/47778
author = "Djalal Harouni"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
@@ -261,7 +261,7 @@ action = function(host, port)
smtp.get_domain(host),
vuln = {
title = 'Postfix SMTP server Cyrus SASL Memory Corruption',
- IDS = {CVE = 'CVE-2011-1720', OSVDB = '72259'},
+ IDS = {CVE = 'CVE-2011-1720', BID = '47778'},
description = [[
The Postfix SMTP server is vulnerable to a memory corruption vulnerability
when the Cyrus SASL library is used with authentication mechanisms other
diff --git a/scripts/smtp-vuln-cve2011-1764.nse b/scripts/smtp-vuln-cve2011-1764.nse
index 8c9683ab2..d64fcd2d4 100644
--- a/scripts/smtp-vuln-cve2011-1764.nse
+++ b/scripts/smtp-vuln-cve2011-1764.nse
@@ -16,7 +16,7 @@ and execute arbitrary code with the privileges of the Exim daemon.
Reference:
* http://bugs.exim.org/show_bug.cgi?id=1106
* http://thread.gmane.org/gmane.mail.exim.devel/4946
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1764
+* https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1764
* http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
]]
@@ -31,7 +31,7 @@ Reference:
-- | VULNERABLE:
-- | Exim DKIM format string
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2011-1764 OSVDB:72156
+-- | IDs: CVE:CVE-2011-1764 BID:47736
-- | Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- | Description:
-- | Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified
@@ -40,8 +40,8 @@ Reference:
-- | arbitrary code with the privileges of the Exim daemon.
-- | Disclosure date: 2011-04-29
-- | References:
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
--- | http://osvdb.org/72156
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
+-- | https://www.securityfocus.com/bid/47736
-- |_ http://bugs.exim.org/show_bug.cgi?id=1106
--
-- @args smtp-vuln-cve2011-1764.mailfrom Define the source email address to
@@ -206,7 +206,7 @@ action = function(host, port)
mailto = stdnse.get_script_args('smtp-vuln-cve2011-1764.mailto'),
vuln = {
title = 'Exim DKIM format string',
- IDS = {CVE = 'CVE-2011-1764', OSVDB = '72156'},
+ IDS = {CVE = 'CVE-2011-1764', BID = '47736'},
risk_factor = "High",
scores = {
CVSSv2 = "7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)",
diff --git a/scripts/ssl-dh-params.nse b/scripts/ssl-dh-params.nse
index 0d7481d25..458242017 100644
--- a/scripts/ssl-dh-params.nse
+++ b/scripts/ssl-dh-params.nse
@@ -31,7 +31,7 @@ Opportunistic STARTTLS sessions are established on services that support them.
-- | VULNERABLE:
-- | Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
-- | State: VULNERABLE
--- | IDs: OSVDB:122331 CVE:CVE-2015-4000
+-- | IDs: BID:74733 CVE:CVE-2015-4000
-- | The Transport Layer Security (TLS) protocol contains a flaw that is triggered
-- | when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher.
-- | This may allow a man-in-the-middle attacker to downgrade the security of a TLS
@@ -50,7 +50,7 @@ Opportunistic STARTTLS sessions are established on services that support them.
-- | References:
-- | https://weakdh.org
-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
--- | http://osvdb.org/122331
+-- | https://www.securityfocus.com/bid/74733
-- |
-- | Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength
-- | State: VULNERABLE
@@ -837,7 +837,7 @@ the encrypted stream.]],
state = vulns.STATE.NOT_VULN,
IDS = {
CVE = 'CVE-2015-4000',
- OSVDB = '122331'
+ BID = '74733'
},
SCORES = {
CVSSv2 = '4.3'
diff --git a/scripts/ssl-poodle.nse b/scripts/ssl-poodle.nse
index 9b2b12149..9a71b49a7 100644
--- a/scripts/ssl-poodle.nse
+++ b/scripts/ssl-poodle.nse
@@ -34,7 +34,7 @@ your TLS ciphersuites.
-- | VULNERABLE:
-- | SSL POODLE information leak
-- | State: VULNERABLE
--- | IDs: CVE:CVE-2014-3566 OSVDB:113251
+-- | IDs: CVE:CVE-2014-3566 BID:70574
-- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
-- | other products, uses nondeterministic CBC padding, which makes it easier
-- | for man-in-the-middle attackers to obtain cleartext data via a
@@ -44,8 +44,8 @@ your TLS ciphersuites.
-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA
-- | References:
-- | https://www.imperialviolet.org/2014/10/14/poodle.html
--- | http://osvdb.org/113251
--- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+-- | https://www.securityfocus.com/bid/70574
+-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
-- |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
--
@@ -321,7 +321,7 @@ action = function(host, port)
state = vulns.STATE.NOT_VULN,
IDS = {
CVE = 'CVE-2014-3566',
- OSVDB = '113251'
+ BID = '70574'
},
SCORES = {
CVSSv2 = '4.3'